What is CVE-2025-38502?

CVE-2025-38502 is a high-severity vulnerability in Linux, classified under Out-of-bounds Read. CVSS score: 7.1/10. Published 2025-08-16.

How severe is CVE-2025-38502?

High severity. CVSS v3 base score is 7.1 out of 10.

Is CVE-2025-38502 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Out-of-bounds Read in Linux

CVE-2025-38502

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup local storage Lonial reported that an out-of-bounds access in cgroup local storage can be crafted via tail calls. Given two programs each u…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (9.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H.

Affected products

Linux — versions 7d9c3427894fe70d1347b4820476bf37736d2ff0, 5.9, 0
Linux Linux_kernel
Siemens Simatic_cn_4100
Siemens Simatic_cn_4100_firmware
Debian Debian_linux — versions 11.0

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

Public proof-of-concept exploits

w4zu/Debian_

References

416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Patch)
416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Patch)
416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Patch)
416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Patch)
416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Patch)
416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Patch)
af854a3a-2127-422b-91ae-364da2661108 (Mailing List, Third Party Advisory)
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e (Third Party Advisory)

Frequently asked questions

What is CVE-2025-38502?: CVE-2025-38502 is a high-severity vulnerability in Linux, classified under Out-of-bounds Read. CVSS score: 7.1/10. Published 2025-08-16.
How severe is CVE-2025-38502?: High severity. CVSS v3 base score is 7.1 out of 10.
Is CVE-2025-38502 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.